Kbase P13684: WebSpeed's _cpyfile.p allows arbitrary file overwrites
Author: Progress Software Corporation - Progress
Access: Public
Published: 14/05/2007
Status: Verified
FACT(s) (Environment):
Progress 9.x
WebSpeed 3.1x
SYMPTOM(s):
WebSpeed's _cpyfile.p allows arbitrary file overwrites
A remote user can overwrite files on the server using specially crafted WebSpeed URLs
_cpyfile.p does not check broker mode
CAUSE:
Bug# OE00083580
FIX:
Upgrade to OpenEdge 10.0A or later. In OpenEdge 10.0A or later, _cpyfile.p does not allow such file writes when the WebSpeed broker mode is set to "Production".
If you cannot upgrade, there are three workarounds, depending on your deployment configuration.
1. If the WebSpeed production broker does not share the same Progress installation as the development broker, rename _cpyfile.r in the $DLC/tty/webutil and $DLC/gui/webutil directories.
2. If the production brokers share the same Progress installation as a development broker, create an identical directory structure under a different directory, containing a program of the same name, _cpyfile.p, whose only line is:
RETURN ERROR.
Compile the program and copy the compiled .r into the newly created directories.
For example:
- create a $DLC/security directory, then under it the $DLC/security/webutil, $DLC/security/tty/webutil and $DLC/security/gui/webutil directory structures
- create a program _cpyfile.p in $DLC/security/webutil containing the following line:
RETURN ERROR.
- compile the program using the character client
- copy the compiled _cpyfile.r to the newly created directories $DLC/security/tty/webutil and $DLC/security/gui/webutil
- add $DLC/security to the start of the production broker's PROPATH in ubroker.properties.
3. A non-WebSpeed solution, using Apache, is to check incoming URLs for the offending program and redirect them to a 404 page or some other page. This only protects brokers whose messenger is reached exclusively through that Apache server.
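The following mod_rewrite fragment is an added illustration of workaround 3; it is not from the Kbase article or from Progress. It assumes Apache httpd 2.x with mod_rewrite in the virtual host that fronts the WebSpeed messenger, and the broker name wsbroker1 is illustrative.

```apache
# Added example (not from the Progress Kbase): refuse any request that names
# _cpyfile, whether the program is given in the messenger path info
# (.../WService=wsbroker1/_cpyfile.p) or in the query string.
RewriteEngine On

# Path form. RewriteRule matches the decoded URL-path, so an escaped
# underscore (%5F) or dot (%2E) in the request is still caught. The
# extension is optional on purpose, as a defensive measure.
RewriteRule (^|/)_cpyfile(\.[pr])?($|/) - [NC,R=404,L]

# Query-string form. QUERY_STRING is not decoded, so match the encoded
# underscore and dot as well as the literal characters.
RewriteCond %{QUERY_STRING} (^|[?&=/])(_|%5F)cpyfile((\.|%2E)[pr])?($|[&/]) [NC]
RewriteRule .* - [R=404,L]
```

R=404 relies on mod_rewrite's support for non-3xx status codes; on an Apache build without it, use [F] to return 403 instead. After reloading, confirm with a request for .../WService=wsbroker1/_cpyfile.p that the web server answers and the broker log shows no procedure run.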